Automating a secure container workflow

Description:

If you've run a container scan before, you've likely seen it: the dreaded list of hundreds of vulnerabilities and other issues that can get your app blocked from deploying to production. You could try to triage each vulnerability one by one, as a SysAdmin might, but this method assumes you hand-curate every package that goes into the container, rather than treating containers as a composable, agile method of shipping applications that builds upon the work of a broader community.

In this session, we'll look at container image security from the developer's perspective, going beyond the brute-force method of addressing vulnerabilities one by one, to an automated process that allows you to fix vulnerabilities quickly, taking advantage of the composable nature of container images and the fact that the Dockerfile is where most containers originate. Along the way we'll demonstrate:

- How to get your container builds started on the right base and automatically change the base image as needed
- Scanning container images at various points of your pipeline and keeping the images and Dockerfile linked through the use of OCI standards so you can quickly implement fixes
- Using Snyk to maintain a live view of containers running in your clusters so you know exactly which versions of an image are in production and need to be prioritized for fixes

Speakers:

Jim Armstrong

Product Marketing, Snyk

Wendy Porras

Customer Success Manager, Snyk

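Snyk is a developer security platform. Snyk is a tool that not only finds vulnerabilities in code, open source and its dependencies, containers, and IaC (Infrastructure as Code), but also prioritizes and fixes them. Built on a world-class vulnerability database, it provides Snyk's expert knowledge of vulnerabilities.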

© 2024 Snyk Limited
Registered in England and Wales
